Security of MariaDB root account
Installed MariaDB on a Raspberry Pi running Raspbian Stretch OS.
Ran the mysql_secure_installation script to secure the database, setting a root password and answering 'Yes' to the remainder of the questions. At this stage, I assumed that the MariaDB root account was secured with the password, however...
Using
$ sudo mysql
and without entering any password whatsoever, I get access to perform actions normally associated with the root account.
How can that be? And what was the purpose of adding a password, if root access can be so readily gained?
Answer
Answered by Brian Evans in this comment.
This is a Debian decision to:
- Not require a password with sudo
- Utilize the unix_socket plugin by default
The latter is set in the Debian install scripts. You can override this by removing the plugin for 'root'@'localhost' as long as you understand that Debian scripts may be looking for their default.
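The following is an added example, not part of the original question or answer. It audits a dump of mysql.user to show which accounts are authenticated by OS identity through unix_socket, where a stored password hash is not consulted, and which rely on a password. The column list, the sample rows and the function names are assumptions made for the illustration.

```python
import csv
import io

# Constructed sample (not from the page): tab-separated output such as
#   sudo mysql --batch -e "SELECT User, Host, plugin, Password FROM mysql.user"
# could give on a Debian-style MariaDB install. Hash values are placeholders.
SAMPLE_DUMP = (
    "User\tHost\tplugin\tPassword\n"
    "root\tlocalhost\tunix_socket\t*HASH_PLACEHOLDER\n"
    "app\t192.0.2.10\t\t*HASH_PLACEHOLDER\n"
    "report\tlocalhost\t\t\n"
)


def _blank(value):
    """--batch prints SQL NULL as the string NULL; treat it like empty."""
    return value is None or value.strip() in ("", "NULL")


def audit(dump):
    """Return (account, mode, note) for every row of the dump."""
    findings = []
    for row in csv.DictReader(io.StringIO(dump), delimiter="\t"):
        account = "'{}'@'{}'".format(row["User"], row["Host"])
        has_hash = not _blank(row["Password"])
        if row["plugin"] == "unix_socket":
            # Login is granted when the OS user name on the local socket
            # matches the account name, which is why `sudo mysql` works.
            mode = "os-identity"
            note = ("stored password hash is not consulted"
                    if has_hash else "no password hash stored")
        elif _blank(row["plugin"]):
            # No plugin set: the Password column decides.
            mode = "password" if has_hash else "no-password"
            note = "" if has_hash else "account has no password"
        else:
            mode = "plugin:" + row["plugin"]
            note = "review this plugin's own rules"
        findings.append((account, mode, note))
    return findings


if __name__ == "__main__":
    for account, mode, note in audit(SAMPLE_DUMP):
        print("{:<28} {:<12} {}".format(account, mode, note))
```

For the sample, 'root'@'localhost' is reported as os-identity with its password hash unused, which matches the behaviour in the question: access depends on who can become the OS root user, not on the MariaDB password.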